NMAS Radius and EAP (802.1x) Authentication

  • 3740049
  • 05-Feb-2007
  • 16-Mar-2012

Environment


Novell BorderManager 3.8
Novell NetWare 6.5
Novell NMAS Radius 4.14

Situation

Administrators want to use EAP (Extensible Authentication Protocol, also referred to as IEEE 802.1x authentication) with eDirectory.

Resolution

The NMAS Radius tool is not capable of handling EAP requests. As of January 24, 2007, the only protocols supported by the NMAS Radius service are:
  • PAP
  • CHAP
There are no plans to extend this service to accommodate the EAP protocols.

Additional Information

EAP is not operational because it uses added encryption, which requires the RADIUS service to handle MD5 encryption (also known as hashes), TLS tunnelling, and PKI API calls, among others. A good software package, FreeRADIUS, runs on SLES Linux servers and can implement EAP in the many facets of RADIUS authentication: EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-MD5. Another Linux distribution may or may not work, because the package must be compiled with the --with-edir option specified on the ./configure line.

If these encrypted mechanisms are required, consider the use of FreeRADIUS.